>>> Jon Earle <[EMAIL PROTECTED]> 09/27/99 04:39PM >>>
>I have a host, www.company.ca, tied to address 192.168.1.2 (it's on the
>protected side of a firewall). This is publicly accessible, with no
>problems. I do have one directory tree within www.company.ca that I'd
>like to have encrypted when viewed, but the rest can be unencrypted. (I
>have no need for authentication, encryption will fill all of my needs.) I also
>have a webmail virtualhost (mail.company.ca) setup on the same IP.

You are correct to have created two certificates, one for each domain
name, but you cannot have two SSL-enabled virtual hosts on the same IP
address, *unless* they use different port numbers (i.e., at least one of
them is on a non-standard port, which is probably not what you want).
=-( The reason for this is that the secure sockets layer is below the
http layer, meaning that when the connection is first established, the
SSL is negotiated *before* the HTTP request comes across to tell the
server which virtual host it is you're connecting to, meaning that the
only way the server can know which certificate to use is by the IP/port
combination that was used to connect. Therefore, generally speaking,
the best way to go is to have each SSL-enabled virtual host on a
separate IP (so that you can use the standard port 443 for each).

Hope this helps!

--Cliff

Cliff Woolley
Central Systems Software Administrator
Washington and Lee University
http://www.wlu.edu/~jwoolley/
Work: (540) 463-8089
Pager: (540) 462-3472
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
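
The layout recommended in the reply above, written out as an added Apache/mod_ssl configuration sketch; it is not part of the original message. The second address 192.168.1.3, the DocumentRoot values and the certificate and key paths are assumed placeholders, and mail.company.ca would need to resolve to that second address.

```apache
# Added example (not from the original thread). Paths and 192.168.1.3 are assumptions.
Listen 80
Listen 443

# www.company.ca keeps the address from the question and uses the standard HTTPS port.
# The server selects this certificate purely from the IP:port the client connected to,
# because the handshake completes before any HTTP request is read.
<VirtualHost 192.168.1.2:443>
    ServerName www.company.ca
    DocumentRoot /path/to/www
    SSLEngine on
    SSLCertificateFile    /path/to/certs/www.company.ca.crt
    SSLCertificateKeyFile /path/to/keys/www.company.ca.key
</VirtualHost>

# mail.company.ca gets its own address (assumed), so it can also sit on port 443
# and present its own certificate.
<VirtualHost 192.168.1.3:443>
    ServerName mail.company.ca
    DocumentRoot /path/to/webmail
    SSLEngine on
    SSLCertificateFile    /path/to/certs/mail.company.ca.crt
    SSLCertificateKeyFile /path/to/keys/mail.company.ca.key
</VirtualHost>

# The alternative the reply mentions: stay on one IP and move one host to a
# non-standard port, so the IP:port pair is still unique per certificate.
# Listen 8443
# <VirtualHost 192.168.1.2:8443>
#     ServerName mail.company.ca
#     SSLEngine on
#     SSLCertificateFile    /path/to/certs/mail.company.ca.crt
#     SSLCertificateKeyFile /path/to/keys/mail.company.ca.key
# </VirtualHost>
```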